When we first saw [Chris Paget]’s cloning video, our reaction was pretty ‘meh’. We’d seen RFID cloning before and the Mifare crack was probably the last time RFID was actually interesting. His ShmooCon presentation, embedded above, caught us completely off-guard. It’s very informative; we highly recommend it.

The hardest part about selling this talk is that it has to use two overloaded words: ‘RFID’ and ‘passport’. The Passport Card, which is part the the Western Hemisphere Travel Initiative (WHTI), is not like the passport book that you’re familiar with. It has the form factor of a driver’s license and can only be used for land and sea travel between the USA, Canada, the Caribbean region, Bermuda, and Mexico. They’ve only started issuing them this year.

The Passport Card also uses RFID… but not the same technology as e-passports that have been issued world wide. You’re probably familiar with 125KHz access control cards and 13.56MHz smartcards, MiFare tags, and e-passports. These are all inductively coupled technologies. The RFID used in Passport Cards is in the 900MHz band and is a capacitive technology. It’s EPC Class 1 Generation 2, the same sort of technology used to track goods in warehouses. Each EPC has a 96bit ID number. By design, they have to be readable from a minimum of 30 feet.

To start his research, [Chris] purchased an XR400 RFID reader of off eBay. This is an industrial reader with four antenna ports and Windows CE. He got a great deal… because it didn’t work. He guessed that the ball grid array (BGA) solder joints had cracked. Putting enough pressure on the chips allowed the device to boot. He repaired the board using a heat gun to reflow the solder. He referenced this video of an Xbox 360 being repaired with the same technique. [bunnie] has a post from last year investigating Xbox 360 RRODs and possible BGA failures.

900MHz RFID cards are not inductively coupled to the reader, so their read range is not limited by the wavelength. With a HAM license in the US, you can broadcast with up to 1500W. At Defcon this year, [Chris] plans on going for a new read record. He cited the company ThingMagic using 10W into a 12dbi antenna and getting 100% read reliability from 213ft. The theoretical limit for 1500W through a 18dBi antenna is 2.35 miles; you’d be limited by how far the tag can transmit though. He’s set up the site RFIDHackers.com to help coordinate efforts.

Another future project is using the GNU Radio USRP board to do differential power analysis against the Passport Card. It’s a brute force method for extracting the 32bit kill and lock codes for the tags, which could then be used to deactivate cards.

The goal of [Chris]‘ research from the beginning was to show that RFID is unsuitable for security situations like this. Passport Cards assign a unique identifier to each holder. This ID can be read from a distance and coordinated with the holders other RFID items like their credit card. Any party can track someone holding these cards, and they don’t make border crossings any faster, since the cards still have to be checked in person.

The USA is now tracking its residents with the same respect given to items in Walmart.

The Massachusetts Bay Transit Authority (MBTA) has dropped its federal case against three MIT researchers, “the subway hackers”. This happened in October and now the EFF brings news that the students will be working with the MBTA to improve their system. The overall goal is to raise security while keeping expenses minimal.

This whole mess started in August when a gag order was issued against the students’ presentation at Defcon. It’s a shame no one ever saw it because it covers a lot of interesting ground. A PDF of the banned slides is still online. They performed several attacks against both the subway’s fare system and physical security. Our favorites by far were using GNU Radio to sniff the RFID card’s transaction and bruteforcing Mifare Classic with an FPGA.

[Karsten Nohl] has recently joined the team on Flylogic’s blog. You may remember him as part of the team that reverse engineered the crypto in MiFare RFID chips. In his first post, he starts out with the basics of identifying logic cells. By studying the specific layout of the transistors you can reproduce the actual logic functions of the chip. The end of post holds a challenge for next week (pictured above). It has 34 transistors, 3 inputs, 2 outputs, and time variant behavior. Also, check out the Silicon Zoo which catalogs individual logic cells for identification.

Popular Mechanics has an interview with [Zach Anderson], one of the MIT hackers that was temporarily gagged by the MBTA. The interview is essentially a timeline of the events that led up to the Defcon talk cancellation. [Zach] pointed out a great article by The Tech that covers the vulnerabilities. The mag stripe cards can be easily cloned. The students we’re also able to increase the value of the card by brute forcing the checksum. There are only 64 possible checksum values, so they made a card for each one. It’s not graceful, but it works. The card values aren’t encrypted and there isn’t an auditing system to check what values should be on the card either. The RFID cards use Mifare classic, which we know is broken. It was NXP, Mifare’s manufacturer, that tipped off the MBTA on the actual presentation.

Germany’s Chaos Computer Club has announced the theme for their annual Chaos Communication Congress: “Nothing to hide“. Like last year’s “Full steam ahead!“, it’s open to many interpretations. People striking down privacy laws often say citizens shouldn’t mind since they have “Nothing to hide”. The phrase is also connected to the inability to hide data, as the CCC demonstrated this year by publishing the German Home Secretary’s fingerprint. On a more positive side, “Nothing to hide” is also about the free exchange of information that happens at hacker conventions. The Congress is in its 25th year and promises to be as good as ever. At last year’s 24C3, we saw great talks like [Drew Endy]’s biohacking talk and the original MiFare crypto presentation. 25C3 will be held in Berlin December 27th to 30th. The wiki is already up and they’ve published a call for participation, if you’re interested.

Another highlight for us at CCC was [Karsten Nohl] and [Henryk Plötz] presenting how they reversed Philips crypto-1 “classic” Mifare RFID chips which are used in car keys, among other things. They analyzed both the silicon and the actual handshaking over RF. Looking at the silicon they found about 10K gates. Analyzing with Matlab turned up 70 unique functions. Then they started looking “crypto-like” parts: long strings of flip-flops used for registers, XORs, things near the edge that were heavily interconnected. Only 10% of the gates ended up being crypto. They now know the crypto algorithm based on this analysis and will be releasing later in the year.

The random number generator ended up being only 16-bit. It generates this number based on how long since the card has been powered up. They controlled the reader (an OpenPCD) which lets them generate the same “random” seed number over and over again. This was actually happening on accident before they discovered the flaw.

One more broken security-through-obscurity system to add to the list. For more fun, watch the video of the presentation.